Slashdot Mirror


New Antivirus Tests Show Rootkits Hard to Kill

ancientribe writes "Security suites and online Web scanners detect only a little more than half of all rootkits, according to new tests conducted by independent test organization AV-Test.org. Many of today's products struggle to clean up the ones they find. AV-Test.org also found that a few big name AV scanners had serious problems finding and removing active rootkits, such as Microsoft Windows Live OneCare 1.6.2111.32 and McAfee VirusScan 2008 11.2.121."

3 of 178 comments

  1. Not really surprised by neokushan · Score: 5, Interesting

    Thanks to all the porn sites my FRIEND goes on, it's not uncommon for my AV to pick up a virus every now and then. Usually it's able to kill the thing, but every now and then one comes along that's just a pig to get rid of.
    Norton (keep in mind, last time I used it was half a decade ago, if not more) had a great habit of going "HEY! YOU'VE GOT A VIRUS!" but when you actually tell it to delete the bloody thing, it refused to do anything. What was annoying was that often you could delete it simply by killing the process, but I digress.
    Every other AV I've used has been able to handle most, but to this day, every now and then a virus will come along that whatever AV I try simply can't shift, forcing me to do the ol' safe-mode delete trick (or sometimes having to boot into a different OS entirely).
    I don't understand why these AVs don't pop up saying "we've found a virus, unfortunately it's going to be a pain to remove, so I can't do it for you, instead here's some instructions on what to do to get rid of it..." instead of just repeatedly popping up that the virus is there and refusing to do anything about it...

    --
    +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
  2. I don't even bother trying to clean them up. by Dr. Manhattan · Score: 5, Interesting

    My nephew got something or other on his laptop. I made a desultory effort to clean it, but whatever crap was on there would kill the anti-spyware install routines within seconds. Fortunately I'd installed Ubuntu on another partition, and he was still able to do web and email and stuff, and I told him to back up the data he needs and I'll wipe it and start fresh.

    I'm pretty sure it was trojaned game mods that got him instead of the usual porn sites. At least, if it was porn, he did a pretty good job hiding his tracks. :->

    --
    PHEM - party like it's 1997-2003!
  3. Killing rootkits. You're doing it wrong. by khasim · Score: 5, Interesting

    Every time this subject comes up, I say the same thing.

    The problem with finding and removing rootkits (and other forms of malware) is that the vendor of the OS does not provide any means of identifying what the LEGITIMATE files are.

    With Ubuntu, I can boot from a LiveCD and check any file on my hard drive. What package does it belong to? Does it have the correct checksums?

    Anything that cannot be identified can be moved to a different drive. A drive without run permissions.

    Problem solved.
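The offline check khasim describes, written out as an added example that is not from the post or from Ubuntu's own tooling (debsums does the real job): from a LiveCD, read the per-package `.md5sums` manifests dpkg keeps under `/var/lib/dpkg/info` on the mounted disk, then flag files whose content no longer matches and files that no installed package owns. The mount point passed to `audit_tree` and the `build_demo_root` sample root are assumptions; the sample files and digests are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def load_dpkg_manifests(root):
    """Map each package-owned file (path relative to root) to (package, expected md5)."""
    owned = {}
    for manifest in (Path(root) / "var/lib/dpkg/info").glob("*.md5sums"):
        pkg = manifest.name[: -len(".md5sums")]
        for line in manifest.read_text().splitlines():
            if line.strip():  # manifest line format: "<md5>  <path without leading slash>"
                digest, rel = line.split(None, 1)
                owned[rel.strip()] = (pkg, digest)
    return owned

def audit_tree(root, subdirs=("bin", "sbin", "lib", "usr/bin", "usr/sbin", "usr/lib")):
    """Classify regular files under the system dirs of a mounted root as ok, modified or unowned."""
    owned = load_dpkg_manifests(root)
    report = {"ok": [], "modified": [], "unowned": []}
    for sub in subdirs:
        base = Path(root) / sub
        if not base.is_dir():
            continue
        for path in base.rglob("*"):
            if path.is_symlink() or not path.is_file():
                continue
            rel = str(path.relative_to(root))
            if rel not in owned:
                report["unowned"].append(rel)  # no installed package claims this file
            elif hashlib.md5(path.read_bytes()).hexdigest() != owned[rel][1]:
                report["modified"].append((rel, owned[rel][0]))  # content differs from manifest
            else:
                report["ok"].append(rel)
    return report

def build_demo_root():
    """Constructed sample root: one intact file, one altered file, one file no package owns."""
    root = Path(tempfile.mkdtemp())
    (root / "var/lib/dpkg/info").mkdir(parents=True)
    (root / "bin").mkdir()
    original = {"bin/ls": b"#!/bin/sh\necho ls\n", "bin/ps": b"#!/bin/sh\necho ps\n"}
    for pkg, rel in (("coreutils", "bin/ls"), ("procps", "bin/ps")):
        digest = hashlib.md5(original[rel]).hexdigest()
        (root / f"var/lib/dpkg/info/{pkg}.md5sums").write_text(f"{digest}  {rel}\n")
    (root / "bin/ls").write_bytes(original["bin/ls"])  # untouched since install
    (root / "bin/ps").write_bytes(b"#!/bin/sh\necho patched\n")  # altered after install
    (root / "bin/extra").write_bytes(b"#!/bin/sh\necho orphan\n")  # listed in no manifest
    return str(root)
```

Run it from the LiveCD against the mounted disk (for example `audit_tree("/mnt/sda1")`); because the check trusts the manifests stored on that same disk, a stronger comparison uses the original `.deb` files from a trusted mirror.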